Sunday, October 25, 2009

Online Safety - UserID's and Passwords


As we approach the end of National CyberSecurity Awareness Month (#NCSAM), I thought it appropriate to begin expanding upon the tips I've been providing through my daily Tweets.

Today's topic will be user identification (USERID) (Tip #25) and passwords (Tip #1 & #2), and how judicious selection of both can serve to protect you and your family online.

Let’s start with the USERID. A USERID is the means by which a service provider, website or account identifies you. Some service providers use your email address as a USERID, while others may ask you to create one for use with their service. On Twitter for example, you are asked to create a USERID. My USERID on Twitter is BurgessCT, clearly associating me to my name.

Pretty straightforward? Well, not exactly. You see, while in my example my USERID clearly identifies me, it does so by design. My Tweets on Twitter are my responsibility and I should be, and am, held accountable for them; therefore I chose to make a clear association between me and my USERID. I intended for those seeing the USERID to be able to identify me, and to distinguish me from others with a similar name.

Your decision chain on your USERID should be your own. If you have children in your family or are assisting an elder member of our community, I advocate the creation of a USERID which does not identify the user by name or location and is gender and age neutral.

It is unfortunate, but there exists an ugly underbelly of society which preys on our youth and elderly. They glide through chat rooms and harvest lists in an attempt to identify the name, location, gender and age of a potential target so that they may begin to engage the individual to the individual’s detriment and the perpetrator’s benefit. You can make it harder for the miscreant to get started by neutralizing your USERID.

• Examples of USERIDs which tend toward identification of name, location, gender and age, and which I advocate shying away from: Sally1995, SeattleJames1995 or Fishing-Lady

• Examples of USERIDs which are name, location, gender and age neutral: Wheat5419, B8dHRt or Pinecone. Anyone reviewing these USERIDs could not tell whether the user is male or female, a minor or an adult, in Seattle or Omaha, and could not identify the user's name, gender or age.

Accompanying those USERIDs are PASSWORDs.

The password is the key to the front door of the service provider, website or account. The service provider may ask you to create a password, or they will provide one to you for your initial engagement (then, when you enter their domain, you're directed to a page to change it to one of your own choosing).

Passwords can be either weak or strong. A weak password is a word found in the dictionary, or, if the USERID is identifiable, a family name, birth date, pet's name, street address, or the like. Sadly, the most common password is “123456”, with “QWERTYU” not far behind.

I advocate the creation of strong passwords. A strong password is not a word found in any dictionary, of any language. It mixes upper and lower case (passwords are case sensitive) and includes numbers and symbols. This stops dictionary attacks dead in their tracks and puts brute force compromise of your password out of practical reach.

Though inconvenient, I also strongly suggest that a different password be used for each environment and site. My recommendation is based on the fact that you can't protect yourself from the service provider, account provider or website accidentally losing your password. If they do, and it is associated with your USERID, then that password, if it is common across environments, opens up all the doors, not just the compromised account.
• An example of a strong password: L)ngsh0rem3n (this uses upper and lower case, a symbol and numbers, and is not a word in any dictionary)

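As an added example (not part of the original post), here is a small Python script that applies the rules above to a candidate password: it flags a dictionary word, one of the very common passwords named above, a missing mix of upper and lower case, numbers or symbols, and a password built from an identifiable USERID or personal details such as a family name, birth year or pet's name. It also reports any password reused across sites, which is the point about one leak opening all the doors. The word list, the common-password list and the site/password map are constructed stand-ins; a real check would load a full dictionary, ideally for several languages.

```python
import string

# Constructed stand-in for a real word list. A real check would load a full
# dictionary (for example /usr/share/dict/words) and ideally several languages.
DICTIONARY = {"password", "welcome", "dragon", "monkey", "sunshine",
              "fishing", "longshoremen"}

# The two most common passwords named in the post, plus constructed extras.
COMMON = {"123456", "qwertyu", "password", "letmein"}

SYMBOLS = set(string.punctuation)


def weaknesses(password, userid="", personal_facts=()):
    """Return the rules from the post that this password breaks.

    personal_facts: details an identifiable USERID would hand an attacker
    (family name, birth year, pet's name, street name). An empty result means
    the password satisfies every rule checked here.
    """
    problems = []
    lower = password.lower()
    if lower in COMMON:
        problems.append("one of the most common passwords")
    if lower in DICTIONARY:
        problems.append("a word found in the dictionary")
    if not any(c.isupper() for c in password):
        problems.append("no upper-case letters")
    if not any(c.islower() for c in password):
        problems.append("no lower-case letters")
    if not any(c.isdigit() for c in password):
        problems.append("no numbers")
    if not any(c in SYMBOLS for c in password):
        problems.append("no symbols")
    # A USERID like Sally1995 gives away a name and a birth year; the password
    # must not be built from the USERID or from those personal details.
    for fact in (userid, *personal_facts):
        f = str(fact).lower()
        if len(f) >= 3 and f in lower:
            problems.append(f"contains personal detail '{fact}'")
    return problems


def is_strong(password, userid="", personal_facts=()):
    """True when none of the post's rules is broken."""
    return not weaknesses(password, userid, personal_facts)


def reused_passwords(passwords_by_site):
    """Map each password used on more than one site to the sites sharing it.

    A password that appears here would, if leaked by one provider, open every
    listed site at once.
    """
    sites_for = {}
    for site, pw in passwords_by_site.items():
        sites_for.setdefault(pw, []).append(site)
    return {pw: sorted(sites) for pw, sites in sites_for.items()
            if len(sites) > 1}


if __name__ == "__main__":
    # Constructed sample: an identifiable USERID and the facts it gives away.
    facts = ["Sally", "1995", "Rex"]
    for candidate in ("123456", "Sally1995", "password", "L)ngsh0rem3n"):
        print(f"{candidate!r}: {weaknesses(candidate, 'Sally1995', facts) or 'strong'}")

    # Constructed sample of one password shared between two sites.
    sites = {"bank": "L)ngsh0rem3n", "mail": "L)ngsh0rem3n", "forum": "Wheat5419!"}
    print("reused:", reused_passwords(sites))
```

The personal-facts check is deliberately crude (a substring match of three or more characters); its purpose is to show why a neutral USERID and a password unrelated to it belong together, not to replace a proper password policy.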
Now that you have your USERID and strong password, don't render them moot by writing them down and sticking them to your computer. If you must write them down, either use a mnemonic device to help you remember or create two lists. List A has the numbers 1 to x and the service providers; List B has the numbers 1 to x and the passwords. Store list A in a separate area from list B, and keep neither in proximity to the computer.

To conclude:

Practice good cyber-hygiene: treat your passwords like your toothbrush. You don't share them with others, and you change them often.

Passwords should be used for one site and one site only. For strong passwords, use symbols, numbers and letters. NEVER use a word found in a dictionary, in any language.

USERIDs: make sure you select USERIDs which are name, location, age and gender neutral.

Thank you for your time.
All the best,
Christopher
